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CLAIMS 

is claimed is: 

A method of creating a network connection between an applet executing on a 
client computer and a content server computer, the method comprising: 

determining a home site name for the applet, the home site name 
corresponding to a host name of a computer from which the applet was 
downloaded to the client computer; 

checking for the presence of a hostname entry in a name directory on the 
content server computer, the hostname entry corresponding to the home site 
name for the applet; 

permitting the applet to create a network connection with the content 
server computer if the hostname entry was present; and 

denying permission for the applet to create a network connection with the 
content server computer if the hostname entry was not present. 

The method of claim 1, wherein checking for the presence of a hostname entry 
in a name directory on the content server computer comprises: 

generating a Uniform Resource Locator for the hostname entry on the 
content server computer; and 

sending an HTTP request using the Uniform Resource Locator to the 
content server computer to determine whether the hostname entry is present in 
the name directory on the content server computer. 

The method of claim 2, wherein generating a Uniform Resource Locator 
comprises combining a host name of the content server computer, a path name 
of the name directory, and a name of the hostname entry. 



^2682.2016-001 



-23- 



4. The method of claim 2, wherein sending an HTTP request using the Uniform 
Resource Locator comprises sending an HTTP HEAD-request using the 
Uniform Resource Locator to the content server computer to determine whether 
the hostname entry is present in the name directory on the content server 

5 computer. 

5. The method of claim 2, further comprising looking up an address of the content 
server. 

6. The method of claim 5, wherein checking for the presence of a hostname entry 
in a name directory on the content server computer comprises using the address 

10 of the content server to check for the presence of the hostname entry, and 

wherein permitting the applet to create a network connection with the content 
server computer if the hostname entry was present comprises using the address 
of the content server to create the network connection with the content server. 

15 7. The method of claim 1, wherein an execution engine executes the applet on the 
client computer, and wherein checking for the presence of a hostname entry in a 
name directory of the content server computer comprises using network 
restriction software in the execution engine to check for the presence of the 
hostname entry. 

20 8. The method of claim 1 , wherein checking for the presence of a hostname entry 
in a name directory on the content server computer comprises using a consistent 
path name for the name directory. 

9. The method of claim 8, wherein checking for the presence of a hostname entry 
in a name directory on the content server computer comprises using an 
25 instruction from the applet on a path name for the name directory. 



-24- 



The method of claim 9, wherein using an instruction from the applet on a path 
name for the name directory comprises using a language construct to determine 
the path name for the name directory. 

The method of claim 1, further comprising using the hostname entry to 
determine types of network connections that are permitted between the applet 
and the content server computer. 

The method of claim 1, wherein checking for the presence of a hostname entry 
in a name directory on the content server computer comprises checking for the 
presence of a file in the name directory that has a file name identical to the home 
site name for the applet. 

The method of claim 1, further comprising performing an address check. 

The method of claim 13, wherein performing an address check comprises: 
determining an address list for the content server computer; 
determining an address list for the computer from which the applet was 

downloaded; and 

denying permission for the applet to create a network connection with the 
content server computer if the address list for the content server computer is not 
a subset of the address list for the computer from which the applet was 
downloaded. 

The method of claim 13, wherein performing an address check comprises 
denying permission for the applet to create a network connection with the 
content server computer if the home site name for the applet is in dotted quad 
form, and an address specified by the dotted quad form is not identical to an 
address for the content server computer. 
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A client computer system that executes an applet that was downloaded from an 
applet home site, the client computer system comprising: 

a processor that executes programmed instructions; and 

a memory that stores a plurality of programmed instructions, including 
programmed instructions for an execution engine that executes the applet, the 
execution engine including network restriction software that, when executed by 
the processor, causes the client computer to: 

receive a request to create a network connection with a content server 
computer from the applet; 

check for the presence of a hostname entry in a name directory on the 
content server computer, the hostname entry corresponding to a name of the 
applet home site; and 

deny permission for the applet to create a network connection with the 
content server computer if the hostname entry was not present in the name 
directory on the content server. 

The client computer system of claim 16, wherein the network restriction 
software causes the client computer to check for the presence of the hostname 
entry in the name directory file by: 

generating a Uniform Resource Locator for the hostname entry on the 
content server computer; and 

sending an HTTP request using the Uniform Resource Locator to the 
content server computer to determine whether the hostname entry is present in 
the name directory on the content server computer. 

The client computer system of claim 17, wherein the HTTP request comprises an 
HTTP HEAD-request. 
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The client computer system of claim 17, wherein the Uniform Resource Locator 
comprises a host name of the content server computer, a path name of the name 
directory, and a name of the hostname entry. 

The client computer system of claim 16, wherein the network restriction 
software further causes the client computer to look up an address of the content 
server. 

The client computer system of claim 20, wherein the network restriction 
software causes the client computer to use the address of the content server to 
check for the presence of the hostname entry and to create the network 
connection with the content server if permission to create the network 
connection with the content server is not denied. 

The client computer system of claim 16, wherein the name directory comprises a 
directory in a file system of the content server computer. 

The client computer system of claim 22, wherein the hostname entry comprises 
an empty file in the name directory on the content server computer. 

The client computer system of claim 16, wherein the name directory comprises a 
file on the content server computer. 

The client computer system of claim 16, wherein the name directory on the 
content server computer has a consistent pathname. 

The client computer of claim 16, wherein the applet provides instructions that 
determine a pathname for the name directory on the content server. 
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27. The client computer of claim 26, wherein the instructions that determine the 
pathname for the name directory on the content server comprise programming 
language constructs. 

28. The client computer system of claim 16, wherein a name of the hostname entry 
5 is identical to a host name of the applet home site. 

29. The client computer system of claim 16, wherein the hostname entry comprises 
information on the types of network connections that may be made between the 
applet and the content server computer. 

30. The client computer system of claim 16, wherein the network restriction 
10 software further causes the client computer to perform an address check. 

3 1 . The client computer system of claim 30, wherein the network restriction 
software causes the client computer to perform the address check by: 

determining an address list for the content server computer; 

determining an address list for the computer from which the applet was 
15 downloaded; and 

denying permission for the applet to create a network connection with the 
content server computer if the address list for the content server computer is not 
a subset of the address list for the computer from which the applet was 
downloaded. 

20 32. The client computer system of claim 30, wherein the network restriction 

software causes the client computer to perform the address check by denying 
permission for the applet to create a network connection with the content server 
computer if the home site name for the applet is in dotted quad form, the dotted 
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quad form specifying an address, and the address specified in the dotted quad 
form is not identical to an address for the content server computer. 

A computer data signal including program code for creating a network 
connection between an applet and a content server computer using a software 
system comprising: 

program code for determining a home site name for the applet, the home 
site name corresponding to a host name of a computer from which the applet 
was downloaded to the client computer; 

program code for checking for the presence of a hostname entry in a 
name directory on the content server computer, the hostname entry 
corresponding to the home site name for the applet; 

program code for permitting the applet to create a network connection 
with the content server computer if the hostname entry was present; and 

program code for denying permission for the applet to create a network 
connection with the content server computer of the hostname entry was not 
present. 

A method of creating a network connection between an applet executing on a 
client computer and a content server computer, the method comprising: 
at the client, identifying a source of the applet; 

from the client, checking at the content server for clearance to respond to 
an applet from the source of the applet; and 

permitting the applet to create a network connection with the content 
server computer only if the content server provides clearance. 

A system for creating a network connection between an applet executing on a 
client computer and a content server computer comprising: 
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means for determining a home site name for the applet, the home site 
name corresponding to a host name of a computer from which the applet was 
downloaded to the client computer; 

means for checking for the presence of a hostname entry in a name 
directory on the content server computer, the hostname entry corresponding to 
the home site name for the applet; and 

means for denying permission for the applet to create a network 
connection with the content server computer if the hostname entry was not 
present. 



